Switches are increasingly required to be IPv6 aware in order to protect the network against rogue or uncontrolled behaviors, particularly in secure environments. For instance, one function required of IPv6 switches is to maintain binding entries, that is, a mapping of which switch (e.g., which port on which switch) owns a given IPv6 address. Notably, such management operations have to be consistent across switches that support snooping operations and switches that do not.
The Source Address Validation Improvements (SAVI) Working Group at the Internet Engineering Task Force (IETF) has been studying ways to maintain such entries. In general, there are pros and cons to the current approaches developed by SAVI, but one particular shortcoming is the lack of a first-come-first-serve protection against rogue devices that steal addresses that may be “seen” through the duplicate address detection (DAD) process, that is, stolen based on observing public traffic flow.
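The binding entries and first-come-first-serve behavior described above can be modeled in a few lines. This is an added example, not code from the original text or from SAVI. The names `Anchor`, `BindingTable`, `observe_dad`, `permits` and `replay` are hypothetical, and the events are constructed samples.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Anchor:
    """Where an address was first seen: a port on a switch."""
    switch: str
    port: str


class BindingTable:
    """Simplified first-come-first-serve IPv6 binding table (illustrative model)."""

    def __init__(self):
        self._owner = {}  # ipaddress.IPv6Address -> Anchor

    def observe_dad(self, target, switch, port):
        """Record a DAD probe for `target` seen on switch/port.

        Returns "created", "refreshed" or "rejected".
        """
        addr = ipaddress.IPv6Address(target)  # normalizes textual variants
        anchor = Anchor(switch, port)
        owner = self._owner.get(addr)
        if owner is None:
            self._owner[addr] = anchor  # first claimant wins
            return "created"
        return "refreshed" if owner == anchor else "rejected"

    def permits(self, source, switch, port):
        """Source check: allow traffic only from the port that owns the address."""
        return self._owner.get(ipaddress.IPv6Address(source)) == Anchor(switch, port)


def replay(events):
    """Feed (target, switch, port) observations through a fresh table."""
    table = BindingTable()
    return table, [table.observe_dad(*e) for e in events]


# Constructed sample observations (documentation prefix 2001:db8::/32).
SAMPLE_EVENTS = [
    ("2001:db8::10", "sw1", "port3"),           # first claimant
    ("2001:db8::10", "sw1", "port3"),           # same host repeats DAD
    ("2001:DB8:0:0:0:0:0:10", "sw2", "port7"),  # later claim from another port
]

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS)[1])
```

The third event spells the same address differently, which is why the table keys on the parsed address rather than the string. Entries in this model never expire and the existing owner is never re-probed, both of which a deployed binding table has to handle.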